Frequently Asked Questions
Is SecureTower a software or a hardware solution?
SecureTower is a 100% software product. However, if you plan to use centralized interception, you may need to install a router with a traffic mirroring function (SPAN port).
What programming languages is SecureTower written in?
The program is written in C++, C# and Assembler.
Can the SecureTower system block file transfer to external devices?
Yes, when working in conjunction with third-party solutions, the system can block file transfer to certain device types, by users, file extensions, types of activity (read/write) and/or time (e.g. only in work hours).
Is SecureTower compatible with Linux/Mac OS?
Server components of SecureTower can only be installed on Microsoft® Windows® operating systems. In the case of interception via a mirror port, all unencrypted traffic can be monitored, regardless of the OS and device sending or receiving the data. However, the agents installed on endpoints can only work under Microsoft® Windows® XP/Vista/7/Server® 2003/Server® 2008 (x86 or x64). Thus, the functionality of such agents (interception of traffic in encrypted channels, monitoring user activity on endpoints, etc.) will be unavailable for other operating systems.
Can the system work in geographically distributed networks (WAN)?
Yes, but the control will not be centralized. This means that one can install a system module in every office/LAN and monitor the traffic and user activities in each office/LAN separately. The intercepted data will not be stored in a single place and there will be no centralized access to such data.
Does the SecureTower system block message exchange in IMs or e-mail?
No, it does not. Such blocking has downsides: it interrupts the natural flow of the conversation, which reveals that a DLP system is at work and does not allow investigation of previous security policy breaches. It also interrupts communication in cases of false or controversial triggering.
Does the SecureTower system affect the performance of the server it is installed on?
Yes. If you have a large network, it is important to install the interception server of the system onto a dedicated physical server. No other tasks should be performed by that server in order to avoid CPU overloading and, as a result, skipped traffic. So if you have a small network, you can have the system installed on one server, but it is still recommended that no other tasks are processed by that server.
Does the operation of the SecureTower system affect the bandwidth or the efficiency of the network?
No, the interception process does not interfere with any other processes in your network. The interception server is connected to your network switch just like any other computer and only receives traffic information using a special mirror port. This mirror port differs from other ports in that it is used only for redirecting traffic to the interception server.
What types of databases does the system support?
In addition to MS SQL Server, SQLite and PostgreSQL, support for Oracle databases has recently been added, which will be of particular interest to large corporate clients.
Does the system require a lot of disk space for its database?
This depends on the traffic load in the network. Intercepted data is stored at its original size, and the search indexes are stored in a compressed form, which is about 20% of the actual traffic size.
Can I set up automatic database clearing?
Yes. When configuring data indexing, you can set up the frequency of database clearing or the maximum period of data storage (e.g. automatically delete data older than 30 days).
How is the software licensed?
The software is licensed based on the number of users/workstations, number of server modules and types of data monitored (e-mail, instant messengers, Web traffic). This means that the price depends on the number of employees/workstations in your network, the number of each of the three server components (modules) you need to install in order to ensure smooth operation of the system, and the channels of possible data leakage you are planning to control.
How does SecureTower detect a confidential document transfer?
The system uses various data analysis technologies. It can check the documents by their contents using the keywords that you specify. It can apply analysis by regular expressions to identify that a certain document pattern is being sent, e.g. ID information, a credit card number or a Social Security Number. SecureTower also uses a digital fingerprint technology that works as follows: it takes “snapshots” (fingerprints) of confidential documents, stores them in a database and then compares them to every single document transmitted in the network. If any matches are detected, SecureTower will notify you that a confidential document has escaped. Moreover, SecureTower makes fingerprints of databases containing personal information.
How does the technology of database fingerprints work?
The program allows tracking the information flows for certain data from existing databases (e.g. a combination of name, job title and e-mail). In this case the system will only send breach notifications if it detects all the components of such combination and will ignore the transmission of a name alone. This minimizes the percentage of false triggering.
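An added illustration (not SecureTower code) of two of the checks described in the answers above: regular-expression matching for card numbers, and combination matching in which a record is flagged only when all of its fields appear together. The Luhn checksum, the plain substring comparison standing in for fingerprinting, the function names and the sample records are assumptions made for this example.

```python
import re

# Constructed sample records standing in for a protected database.
RECORDS = [
    {"name": "Alice Moreau", "title": "Finance Director",
     "email": "a.moreau@example.com"},
    {"name": "Raj Patel", "title": "Payroll Analyst",
     "email": "r.patel@example.com"},
]

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum: rejects most random digit runs (order ids, phone lists)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return candidate card numbers that match the pattern and pass Luhn."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def normalize(s):
    """Lower-case and collapse whitespace so layout changes do not hide a match."""
    return " ".join(s.lower().split())

def record_hits(text, records=RECORDS):
    """Flag a record only if every one of its fields occurs in the text."""
    hay = normalize(text)
    return [r for r in records
            if all(normalize(v) in hay for v in r.values())]

def inspect(text):
    """Run both checks over one intercepted message body."""
    return {"cards": find_card_numbers(text), "records": record_hits(text)}
```

A message that mentions only a name produces no record hit, which is the false-positive reduction the answer above describes.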
We have large and constantly updating client databases. How fast does SecureTower process databases?
The SecureTower system is optimized for large and dynamically updated data arrays. Whenever a database is updated, the system only indexes new information without consuming much time or resources for repeated indexing of all data. This is very convenient for large companies that keep, for instance, vast client or subscriber databases.
Do I need to keep such a database for the system to operate?
No, you do not have to maintain such a database to keep the system operating. Instead, you can configure security policies the system will use to control the traffic. But as experience confirms, the use of digital fingerprint technology alongside contemporary data security methods provides a very effective tool to resist insider data leak threats.
Does the system capture encrypted data?
The system supports interception and content analysis of data transferred over SSL/TLS-encrypted channels (HTTPS, FTPS, encrypted protocols for e-mail and instant messengers). If encrypted content itself is transmitted over the network (e.g. a password-protected archive or PGP-encrypted data), the system will capture it, but it will be impossible to decrypt. In this case the system can send a notification of encrypted data.
Is the system compatible with Active Directory?
Yes. It imports all users from your Active Directory with their e-mails and tracks all changes of user info in your domain.
Is integration with Active Directory obligatory?
No, there is no such need. It is only for your convenience.
Does the system block ports?
No, this solution is not a firewall.
Can I install SecureTower in my network without notifying the system administrator?
No, the product cannot be installed without administrator rights. One has to know the network specifics and topology to install the product. However, you can install the product on your local computer if you have administrator rights on it. This will enable you to intercept only your computer’s traffic.
Can SecureTower convert voice messages to text and make them searchable?
No, but you can listen to voice messages and calls of specific users.
In which format are the intercepted Skype voice messages/calls saved?
They are saved in the *.mp3 format. You can also set the audio compression quality.
Can I assign policies for Internet use? For example, some users are allowed/not allowed to use certain websites, etc.
No, this solution is not a firewall.
Can SecureTower intercept MS Exchange mail?
Yes. The system can capture e-mail sent over MS Exchange. Supported versions include MS Exchange 2007 and 2010.
Do I need to install agents on client workstations?
If you only need to intercept regular non-encrypted traffic, you do not have to install any agents. However, if you wish to intercept Skype and encrypted traffic, or use additional functionality of the system (taking regular screenshots on endpoints, automatic assignment of contact data to users, etc.), agents should be deployed. They can be installed remotely and absolutely invisibly for the users.
What if a user removes the Endpoint Agent from his computer?
The system will automatically reinstall the Endpoint Agent onto the workstation it was removed from. Also, the security officer will see information about that in the special Endpoint Agent status window of the program’s administrator console.
Can agents be concealed on user computers?
Yes. The system allows hiding the agent process and service, as well as all agent files and folders on the endpoint. However, it should be kept in mind that this function may cause conflict with some antivirus programs. In this case, the antivirus should be configured accordingly.
Can an agent be installed on a terminal server?
Yes. This will allow intercepting all data flows with precise identification of users working on the server.
I cannot install .NET4 Framework on my Windows Server 2003. A warning box pops up and the installation stops. What do I do?
Sometimes you may see the following warning during the installation of Microsoft .NET Framework 4.0 on your Windows Server 2003/2008: "You must install the 32-bit Windows Imaging Component (WIC) before you run Setup. Please visit the Microsoft Download Center to install WIC, and then rerun Setup." In this case follow this link to download and install the "wic_x86_enu.exe" file. Once it is installed, rerun .NET Framework 4 setup.
